PT-2018-11111 · Asustor · Asustor Adm
Publicado
2018-12-04
·
Atualizado
2018-12-20
·
CVE-2018-12312
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ASUSTOR ADM version 3.1.1
Description
The issue allows attackers to execute system commands as root via the
secret key URL parameter in the user.cgi module.Recommendations
For ASUSTOR ADM version 3.1.1, avoid using the
secret key parameter in the user.cgi module until the issue is resolved. Consider restricting access to the user.cgi module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asustor Adm